Trusted CI Blog

Time 2021-11-14 08:18:21

Web Name: Trusted CI Blog

WebSite: http://blog.trustedci.org

ID:231921

Keywords:

Trusted,CI,Blog,

Description:

keywords:
description:

Blog for Trusted CI.

Monday, November 1, 2021 Trusted CI at SFSCon 2021

SFSCon was on hiatus last year due to the pandemic, but it's back this year with a virtual format. SFSCon 2021, to be held November 5-7, will be the fourth annual cybersecurity training and professional development event organized by Cal Poly Pomona (CPP) for CyberCorps Scholarship for Service (SFS) students and alumni nationwide. This year SFSCon will use the U.S. Cyber Range for hands-on student training. Trusted CI will be providing Identity and Access Management training and Security Log Analysis training, as in previous years, with training materials updated for the virtual format.

Posted byJim Basneyat10:31 AMEmail ThisBlogThis!Share to TwitterShare to FacebookShare to PinterestLabels:CPP,cybertraining,tutorial Wednesday, October 20, 2021 Trusted CI Begins Engagement with OOI

The Ocean Observatories Initiative (OOI), funded by the NSF OCE Division of Ocean Sciences #1743430, is a science-driven ocean observing network that delivers real-time data from more than 800 instruments to address critical science questions regarding the worlds oceans. OOI data are freely available online to anyone with an Internet connection.

The OOI provides an exponential increase in the scope and timescale of observations of the worlds oceans. Present and future educators, scientists, and researchers will draw conclusions about climatological and environmental processes based on these measurements, which sets a requirement for the data to be accurate, with a flawless pedigree. As a result, the OOI has a requirement to protect its data from being altered by any external agent.

To this end, OOI-CI (OOI Cyberinfrastructure) is seeking consultation from Trusted CI on evaluation of their current security program, along with guidance on reviewing and evaluating potential alternatives for an enhanced security posture. Through a kick-off meeting, Trusted CI and OOI discussed their concerns, questions, and goals, including: penetration testing; system and software vulnerability scanning and remediation; gaps in current policies and procedures; developing periodic security tasks; and identifying unknowns. These topics were refined and prioritized based on their needs using a subset of tasks outlining the goals of the engagement, specifically:

Perform a review of OOIs cyberinfrastructure using the Trusted CI Security Program Evaluation worksheet in order to assess the current state and target level of their cybersecurity.Review the 2015 Engagement final report and recommendations (covering OOI @Rutgers University) with the goal to see if any recommendations made at that time are still applicable and warranted.Using information documented in step 1., take initial steps towards adopting the Trusted CI Framework by developing a master information security policies and procedures document (MISPP).Discuss and document missing policies and procedures from the Framework, including questions and concerns raised by OOI, and also unknowns discovered in above exercises.Provide guidance on creating an asset inventory, applying a control set, and creating and maintaining a risk registry.

Additionally, broader impacts from this engagement can be realized as the OOI-CI is connected to several locations around the country. Lessons learned and recommendations from the engagement will be implemented at the other sites, which consist of Woods Hole Oceanographic Institute (WHOI) administration, and the three MIOs (Marine Implementing Organizations) that provide data from Oregon State University, University of Washington, and WHOI.

The engagement will run from September 2021 to December 2021.

Posted byShane Filusat11:43 AMEmail ThisBlogThis!Share to TwitterShare to FacebookShare to PinterestLabels:CyberCheckup,engagements,Ocean Sciences,OOI Monday, October 18, 2021 Announcing Trusted CI's Open Science Cybersecurity Fellows Program (Applications due Nov.12th)

Application Deadline: Friday, Nov. 12thApply here.

Overview

TrustedCI serves the scientific community as the NSF Cybersecurity Center ofExcellence, providing leadership in and assistance in cybersecurity in thesupport of research. In 2019, Trusted CI is establishing an Open ScienceCybersecurity Fellows program. This program will establish and support anetwork of Fellows with diversity in both geography and scientific discipline.These fellows will have access to training and other resources to foster theirprofessional development in cybersecurity. In exchange, they will championcybersecurity for science in their scientific and geographic communities andcommunicate challenges and successful practices to Trusted CI.

About the program

Thevision for the Fellows program is to identify members of the scientific community,empower them with basic knowledge of cybersecurity and the understanding ofTrusted CIs services, and then have them serve as cybersecurity liaisons totheir respective communities. They would then assist members of the communitywith basic cybersecurity challenges and connect them with Trusted CI foradvanced challenges.

Trusted CI will select six fellows each year. Fellows will receiverecognition, cybersecurity professional development consisting of training andtravel funding. The Fellows training will consist of a Virtual Institute,providing 20 hours of basic cybersecurity training over six months. Thetraining will be delivered by Trusted CI staff and invited speakers. TheVirtual Institute will be presented as a weekly series via Zoom and recorded tobe publicly available for later online viewing. Travel support is budgeted(during their first year only) to cover fellows attendance at the NSFCybersecurity Summit, PEARC, and one professional development opportunityagreed to with Trusted CI. The Fellows will be added to an email list todiscuss any challenges they encounter that will receive prioritized attentionfrom Trusted CI staff. Trusted CI will recognize the Fellows on its website andsocial media. Fellowships are funded for one year but will be encouraged tocontinue to participate in TrustedCI activities the years following theirfellowship year.

After the Virtual Institute, Fellows, with assistance from the Trusted CI team,will be expected to help their science community with cybersecurity and makethem aware of Trusted CI for complex needs. By the end of the year, they willbe expected to present or write a short white paper on the cybersecurity needsof their community and some initial steps they will take (or have taken) toaddress these needs. After the year of full support, Trusted CI will continuerecognizing the cohort of Fellows and giving them prioritized attention. Overthe years, this growing cohort of Fellows will broaden and diversify TrustedCIs impact.

Applicationrequirements

A description of theirconnection to the research community. Any connection to NSF projects should beclearly stated, ideally providing the NSF award number.
A statement of interest in cybersecurity

Two-page biosketch

Optional demographicinfo

A letter from theirsupervisor supporting their involvement and time commitment to the program

A commitment to fullyparticipate in the Fellows activities for one year (and optionally thereafter)

The selection ofFellows would be made by the Trusted CI PIs and Senior Personnel based on thefollowing criteria:

1.Demonstratedconnection to scientific research, with preference given to those whodemonstrate a connection to NSF-funded science.

2. Articulated interestin cybersecurity.

3.Fellows that broadenTrusted CIs impact across all seven NSF research directorates (Trusted CIencourages applications for individuals with connections to NSF directoratesother than CISE), with connections to any of the NSF 10 Big Ideas, or Fellowsthat increase the participation of underrepresented populations.

Who shouldapply?

Professionals andpost-docs interested in cybersecurity for science, with evidence of that intheir past and current role

Research Computing,Data, and IT technical or policy professionals interested in applyingcybersecurity innovations to scientific research

Domain scientistsinterested in data integrity aspects of scientific research

Scientists from allacross the seven NSF research directorates interested in how data integrityfits with their scientific mission

Researchers in the NSF10 Big Ideas interested in cybersecurity needs

Regional networksecurity personnel working across universities and facilities in their region

People comfortable collaboratingand communicating across multiple institutions with IT / CISO / ResearchComputing and Data professionals

Anyone in a rolerelevant to cybersecurity for open science

More about theFellowship

Fellows come from a varietyof career stages, they demonstrate a passion for their area, the ability tocommunicate ideas effectively, and a real interest in the role of cybersecurityin research. Fellows are empowered to talk about cybersecurity to a wideraudience, network with others who share a passion for cybersecurity for openscience and learn key skills that benefit them and their collaborators.

If you have questions about the Fellows program, please let us know by emailingfellows@trustedci.org.




Posted byDiana Boreckyat3:25 PMEmail ThisBlogThis!Share to TwitterShare to FacebookShare to PinterestLabels:Fellows Monday, October 11, 2021 Trusted CI webinar: The Trusted CI Framework; Overview and Recent Developments, Oct 25th @11am EasternTrusted CI's Scott Russell will be presenting the talk, The Trusted CI Framework; Overview and Recent Developments, on Monday October 25th at 11am (Eastern).

Please register here.

The Trusted CI Framework is a tool to help organizations establish and refine their cybersecurity programs. In response to an abundance of guidance focused narrowly on cybersecurity controls, Trusted CI set out to develop a new framework that would empower organizations to confront cybersecurity from a mission-oriented, programmatic, and full organizational lifecycle perspective. The Trusted CI Framework recommends organizations take control of their cybersecurity the same way they would any other important business concern: by adopting a programmatic approach.

This webinar will provide an introduction to the Trusted CI Framework, including a walkthrough of the 16 Musts for establishing a competent cybersecurity program. Then we will go on to cover recent developments with the Trusted CI Framework, including:

The publication of the first Framework Implementation Guide, which provides in-depth guidance on how to implement each Framework Must;The experiences of NOIRLab (NSF Major Facility) as the first official Framework adopter; andThe announcement of the Framework Cohort for 2022, an initiative to help Major Facilities adopt and implement the Framework.

Speaker Bio:

Scott Russell is a Senior Policy Analyst at the Indiana University Center for Applied Cybersecurity Research. Scott was previously the Postdoctoral Fellow in Information Security Law Policy. Scotts work thus far has emphasized private sector cybersecurity best practices, data aggregation and the First and Fourth Amendments, and cybercrime in international law. Scott studied Computer Science and History at the University of Virginia and received his J.D. from the Indiana University, Maurer School of Law.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."Posted byJeannette Dopheideat11:49 AMEmail ThisBlogThis!Share to TwitterShare to FacebookShare to PinterestLabels:framework,webinar Wednesday, September 29, 2021 Findings Report of the 2021 Trusted CI Annual Challenge on Software Assurance Published

As reported in this blog earlier this year, in 2021, Trusted CI is conducting our focused annual challenge on the assurance of software used by scientific computing and cyberinfrastructure.

In July, the 2021 Trusted CI Annual Challenge team posted its initial findings in this blog. The team is now pleased to share its detailed findings report:

Andrew Adams, Kay Avila, Elisa Heymann, Mark Krenz, Jason R. Lee, Barton Miller, and Sean Peisert. The State of the Scientific Software World: Findings of the 2021 Trusted CI Software Assurance Annual Challenge Interviews, September 2021. https://hdl.handle.net/2022/26799

Now that the team has finished its examination of software assurance findings, it will turn its focus to solutions. In accordance with that, later this calendar year, the Trusted CI team will be publishing a guide for recommended best practices for scientific software development.

For those interested in hearing more about the 2021 Annual Challenge, please (virtually) come to the teams panel session at the 2021 NSF Cybersecurity Summit at 3:05 EDT on October 13, 2021: https://www.trustedci.org/2021-summit-program

Posted bySean Peisertat5:16 PMEmail ThisBlogThis!Share to TwitterShare to FacebookShare to PinterestLabels:annual challenge,software assurance Wednesday, September 22, 2021 SGCI Webinar: Security recommendations for science gateways, Sept 29th @ 1pm EDT

This webinar announcement was originally posted on SGCI's website.

Security recommendations for science gateways

Wednesday, September 29, 2021, 1 pm Eastern/10 am Pacific

Presented by Mark Krenz, Chief Security Analyst, Center for Applied Cybersecurity Research, Indiana University

Trusted CI has recently published a four-page document targeted at small team science gateways. This document provides a prioritized list of security recommendations to help reduce overall security risk. In this webinar Mark Krenz, from Trusted CI, will be providing an introduction and overview of the document, as well as a discussion of the lessons learned from the last few years of providing security consultations for science gateways.

See SGCI's webinars page for the Zoom link and password.

Posted byJeannette Dopheideat2:36 PMEmail ThisBlogThis!Share to TwitterShare to FacebookShare to PinterestLabels:science gateways,webinar Tuesday, September 14, 2021 Trusted CI webinar: Q-Factor: Real-time data transfer optimization, September 27th @11am EasternMembers of FIU and ESnet are presenting the talk, Q-Factor: Real-time data transfer optimization leveraging In-band Network Network provided by P4 data planes, on Monday September 27th at 11am (Eastern). Our presenters are Jeronimo Bezerra, Richard Cziva, and Dr. Julio Ibarra.

Please register here.

Q-Factor is a framework to enable data transfer optimization based on real-time network state information provided by programmable data planes. Communication networks are critical components of todays scientific workflows. Researchers leverage long-distance ultra-high-speed networks to transfer massive data sets from acquisition sites to processing sites and share measurements with scientists worldwide. However, while network bandwidth is continuously increasing, most data transfers are unable to efficiently utilize the added capacity due to inherent limitations of parameter settings of the network transport protocols and the lack of network state information at the end hosts. To address these challenges, Q-Factor plans to use sub-second network state data to dynamically configure current transport protocol and operating systems parameters to reach higher network utilization and, as a result, to improve scientific workflows. Q-Factor leverages programmable network devices with the In-band Network Telemetry (INT) framework and delivers a software solution to process in-band measurements at the end hosts. Using Q-Factor on end hots, for instance Data Transfer Nodes (DTN)s, TCP/IP parameters will be configured according to temporal network characteristics, such as round-trip time, network utilization, and network buffer occupancy. This tuning is expected to increase network utilization, shorter flow completion times, and significantly reduce packet drops caused by under-provisioned network buffers. Q-Factor is a collaboration between Florida International University and Energy Science Network.

Speaker Bio:

Jeronimo Bezerra is the FIUs Center for Internet Augmented Research and Assessments IT Associate Director. Jeronimo has 19 years of IT and Network Engineering experience, most of them with RE networks. He is responsible for AmLight network operation and engineering, including the SDN deployment and operation. He is leading the Q-Factor design, development and deployment activities.

Richard Cziva is a software engineer at ESnet. He has a range of technical interests including traffic and performance analysis, data-plane programmability, high-speed packet processing, software-defined networking, and network function virtualization. Prior to joining ESnet in 2018, Richard was a Research Associate at University of Glasgow, where he looked at how advanced services (e.g., personalized firewalls, intrusion detection modules, measurement functions) can be implemented and managed inside wide area networks with programmable edge capabilities. Richard holds a BSc in Computer Engineering (2013) from Budapest University of Technology and Economics, Hungary and a Ph.D. in Computer Science (2018) from University of Glasgow, United Kingdom. He will lead the research activities in Q-Factor.

As the Assistant Vice President for Technology Augmented Research at FIU, Dr. Julio Ibarra is responsible for furthering the mission of the Center for Internet Augmented Research and Assessment (CIARA) to contribute to the pace and the quality of research at FIU through the application of advanced Cyberinfrastructure. Has 30+ years of IT and Telecom infrastructure management, 18 of those years of specialization with Research and Education networks and project management. Dr. Ibarra will be responsible for overall project management and coordination.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."Posted byJeannette Dopheideat11:23 AMEmail ThisBlogThis!Share to TwitterShare to FacebookShare to PinterestLabels:webinar Older PostsHomeSubscribe to:Posts (Atom)About Trusted CI

The mission of Trusted CI is to improve the cybersecurity of NSF computational science and engineering projects, while allowing those projects to focus on their science endeavors.

This mission is accomplished through one-on-one engagements with projects to solve their specific problems, broad education, outreach and training to raise the practice-of-security across the community, and looking for opportunities for improvement to bring in research to raise the state-of-practice.

For more information about what Trusted CI does, how it can help your project, the advances it is making in cybersecurity and resources for cybersecurity professionals, please see the Trusted CI website.

Tweets by @TrustedCIBlog Archive 2021(54) November(1)Trusted CI at SFSCon 2021 October(3) September(4) August(10) July(4) June(5) May(2) April(4) March(10) February(6) January(5) 2020(79) December(4) November(5) October(5) September(8) August(6) July(9) June(7) May(7) April(6) March(8) February(7) January(7) 2019(65) December(4) November(6) October(6) September(6) August(4) July(7) June(7) May(3) April(5) March(6) February(7) January(4) 2018(52) December(4) November(1) October(4) September(4) August(7) July(7) June(6) May(1) April(4) March(4) February(5) January(5) 2017(48) December(5) November(1) October(3) September(5) August(4) July(7) June(4) May(4) April(6) March(2) February(4) January(3) 2016(41) December(3) November(6) October(6) September(1) August(3) July(3) June(5) May(4) April(3) March(3) February(3) January(1) 2015(13) December(1) November(1) October(1) August(3) June(2) May(1) January(4) 2014(32) December(2) November(2) October(2) August(1) July(1) June(7) May(5) April(8) March(2) February(2) 2013(18) October(2) September(4) August(1) July(1) June(1) April(2) March(3) February(1) January(3) 2012(4) December(3) October(1)Search This BlogLabelsengagements(78)webinar(76)events(40)NSF Summit(38)iam(31)Trusted CI(22)vulnerabilities(22)compliance(16)cybersecurity programs(16)TTP(15)situational-awareness(15)trustworthy data(13)Fellows(12)framework(12)software assurance(12)PEARC(11)presentations(11)science gateways(11)CyberCheckup(10)project-news(10)success story(10)CUI(9)Internet2(9)oscrp(9)reports(9)engagement-cfp(8)identity federation(8)incident response(8)COVID-19(7)Survey(7)cybertraining(7)ESnet(6)NSF-cybersecurity-guide(6)secure coding(6)solicitations(6)students(6)CMMC(5)OSG(5)ResearchSOC(5)authentication(5)incommon(5)open source software(5)openssl(5)ransomware(5)software sustainability(5)tutorial(5)working group(5)BD Hubs(4)Cloud-computing(4)DKIST(4)FABRIC(4)benchmarking(4)data assurance(4)jobs(4)network(4)news(4)ARF(3)CERN(3)CPP(3)Cybersecurity(3)HPC(3)Jupyter(3)LSST(3)NCSA(3)Pegasus(3)REED+(3)advisory committee(3)annual challenge(3)blockchain(3)cici(3)idm(3)law and policy(3)office hours(3)video conferencing(3)xsede(3)AMNH(2)AoT(2)EDI(2)Gemini Observatory(2)GenApp(2)Globus(2)NEON(2)NRAO(2)NSF Summit Survey(2)OSiRIS(2)SLATE(2)Skim Reaper(2)TransPac(2)Trusted CI Vision(2)UC Berkeley(2)UNH-RCC(2)USAP(2)WISE(2)ask@trustedci.org(2)cilogon(2)controls(2)cyberinfrastructure(2)epoc(2)higher education(2)ligo(2)log analysis(2)racial inequities(2)ren-isac(2)research computing(2)risk(2)trust community(2)CI CoE(1)EPSCoR(1)LFST(1)OOI(1)OSC(1)Ocean Sciences(1)Science DMZs(1)cpe(1)cybercrime(1)large facilities(1)major facilities(1)

TAGS:Trusted CI Blog 

<<< Thank you for your visit >>>

Hot Websites